Setting up wu-ftpd on Linux

Source: Internet
Author: User
Tags ftp site rfc822
wu-ftpd is easy to install. Most Linux distributions ship an rpm package of wu-ftpd, which you can select when installing Linux. If you prefer to compile from source, download the latest source package from ftp://ftp.wu-ftpd.org.

After installation, run the ckconfig command to check that the installation is correct. The login directory of the ftp user is specified in /etc/passwd.

wu-ftpd has the following six configuration files:

ftpaccess (main configuration file, controls access permissions)

ftpconversions (configures compression/decompression conversions)

ftpgroups (defines groups used by ftp)

ftphosts (sets permissions for individual users)

ftpservers (maps different IP addresses/domain names to different virtual hosts)

ftpusers (lists accounts that may not connect with ftp)

Next we will introduce them one by one.

/etc/ftpaccess (main configuration file of wu-ftpd)

class -- defines a class of users. Usage:

class <class-name> <type-list> <address> [<address> ...]

Only users who belong to a defined class can connect. Several class lines can be used to restrict where each class of users may come from. There are three user types: real, anonymous and guest. If real appears in no class definition, no real user (one with an account on this machine) can log in with that account; if anonymous is not defined, nobody without an account can connect; if guest is defined, the users in the guest group can log in. <address> is the IP address or host name pattern the ftp user connects from. Examples:

class all real,guest,anonymous *

Defines a class named all that contains all three types of user from any address, that is, everyone.

class local real localhost loopback

The local class contains only real users connecting from the local machine.

class remote guest,anonymous *

The remote class contains guest and anonymous users from anywhere; real users are not included.

class rmtuser real !*.example.com

The rmtuser class contains real users from outside, that is, from any address except example.com.


autogroup -- automatically maps a class to a group. Usage:

autogroup <group-name> <class> [<class> ...]

When users of the listed classes connect, they are mapped to the given group, so Unix file permissions can be used to restrict that group of people.

deny -- rejects connections from some addresses. Usage:

deny <address-pattern> <message-file>

Prevents the matching machines from connecting and displays <message-file> to them. For example:

deny 210.62.146.* /etc/reject.msg


guestgroup -- defines guest groups

guestuser -- defines guest accounts

realgroup -- defines real groups

realuser -- defines real accounts

nice -- sets the scheduling priority of a class. Usage:

nice <nice-delta> [<class>]

On Linux, nice values range from -20 (highest priority) to 19 (lowest). A negative value here raises the priority of a class.

defumask -- sets the umask of a class. Usage:

defumask <umask> [<class>]

The umask is the permission mask applied when a file is created.

tcpwindow -- sets the TCP window size

keepalive -- sets whether TCP SO_KEEPALIVE is used to detect dropped connections


timeout -- sets connection timeouts. Usage:

timeout accept <seconds>

Timeout for accepting a connection; the default is 120 seconds.

timeout connect <seconds>

Timeout for establishing a connection; the default is 120 seconds.

timeout data <seconds>

Timeout for data transfers; the default is 1200 seconds.

timeout idle <seconds>

Timeout for an idle user; the default is 900 seconds.


file-limit -- restricts a class to a number of files. Usage:

file-limit [raw] <in|out|total> <count> [<class>]

Restricts the number of files a class may transfer, counted as in (uploads), out (downloads) or total. raw counts the whole transfer, not just data files. For example:

file-limit out 20 lvfour

Users of class lvfour can download at most 20 files.

byte-limit -- restricts a class to a number of bytes. Its usage is the same as file-limit.

limit-time -- limits how long a session may last. Usage:

limit-time {* | anonymous | guest} <minutes>

To keep users from locking others out of the site, you can limit how long a session may stay online. For example:

limit-time guest 5

Guest users get only 5 minutes per session.


limit -- limits the number of users of a class that may be connected at the same time. Usage:

limit <class> <connections> <time-spec> <full-message-file>

Sets the maximum number of concurrent users of a class during a time period, followed by the file displayed when that number is exceeded. For example:

limit all 32 Any /home/ftp/etc/toomanyuser.msg

Only 32 users of class all may be connected at any time. Beyond that, the connection is refused and the message file is shown.

limit levellone 5 Any2300-0600 /home/ftp/etc/toomanyuser.msg

Users of class levellone may have only five connections between 23:00 and 06:00.
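The class and limit directives above decide, together, whether a new connection is accepted. The following added example (not part of the original article or of wu-ftpd) evaluates a constructed ftpaccess excerpt the way the text describes: the first matching class wins, a leading ! negates an address pattern, and a limit applies only while its time spec (Any, Wk, day codes, optional HHMM-HHMM range that may wrap midnight) matches.

```python
import fnmatch

# Constructed ftpaccess excerpt (not from a real server) using the class and limit directives above.
FTPACCESS = """
class local real localhost loopback
class rmtuser real !*.example.com
class remote guest,anonymous *
limit remote 32 Any /home/ftp/etc/toomanyuser.msg
limit rmtuser 5 Any2300-0600 /home/ftp/etc/toomanyuser.msg
"""
DAYS = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}  # Monday = 0

def addr_matches(glob, addr):
    # A leading '!' negates the pattern, as in '!*.example.com'.
    hit = fnmatch.fnmatch(addr, glob.lstrip("!"))
    return not hit if glob.startswith("!") else hit

def class_for(text, user_type, addr):
    # First class line whose type list holds user_type and whose address globs match wins.
    for w in (line.split() for line in text.splitlines()):
        if (w and w[0] == "class" and user_type in w[2].split(",")
                and any(addr_matches(g, addr) for g in w[3:])):
            return w[1]
    return None  # no class matched: the server refuses the connection

def in_timespec(spec, weekday, hhmm):
    # Day part ('Any', 'Wk' or day codes such as 'SaSu') plus an optional HHMM-HHMM range.
    head = spec.rstrip("0123456789-")
    if head == "Any":
        day_ok = True
    elif head == "Wk":
        day_ok = weekday < 5
    else:
        day_ok = weekday in {DAYS[head[i:i + 2]] for i in range(0, len(head), 2)}
    rng = spec[len(head):]
    if not rng:
        return day_ok
    start, end = (int(x) for x in rng.split("-"))
    # An end before the start means the range wraps past midnight (2300-0600).
    return day_ok and (start <= hhmm < end if start <= end else hhmm >= start or hhmm < end)

def connection_allowed(text, user_type, addr, connected_now, weekday, hhmm):
    # Returns (class, allowed, message_file) for one new connection attempt.
    cls = class_for(text, user_type, addr)
    if cls is None:
        return None, False, None
    for w in (line.split() for line in text.splitlines()):
        if w and w[0] == "limit" and w[1] == cls and in_timespec(w[3], weekday, hhmm):
            return cls, connected_now < int(w[2]), w[4]
    return cls, True, None
```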


noretrieve -- sets which files cannot be downloaded. Usage:

noretrieve [absolute|relative] [class=<class>]... [-] <filename> [<filename> ...]

absolute or relative indicates whether the file names are absolute or relative paths.

allow-retrieve -- sets which files can be downloaded. Usage:

allow-retrieve [absolute|relative] [class=<class>]... [-] <filename> [<filename> ...]

loginfails -- sets the number of failed login attempts allowed

A connecting user may get the ID or password wrong. This setting disconnects the user after the given number of failures, so that nobody can guess passwords by brute force.

private -- sets whether the SITE GROUP and SITE GPASS commands may be used in a session

When SITE GROUP and SITE GPASS are enabled, a user can use them to switch to a group defined in /etc/ftpgroups. This feature is generally left disabled to avoid security vulnerabilities.


greeting -- controls how much server information is shown at login. Usage:

greeting <full|brief|terse>

full (the default) shows the version number and host name on the login screen, brief shows only the host name, and terse shows only "FTP server ready".

banner -- sets the text shown before the login prompt. Usage:

banner <file-path>

The file is displayed before the user is asked for ID and password. The path is relative to the real filesystem root, not to the ftp root directory.

hostname -- sets the ftp host name

email -- sets the ftp administrator's email address


message -- sets a message file. Usage:

message <file> {<when> {<class> ...}}

The file path here is relative to the ftp root directory. <when> is the event after which the message is shown:

login (at login)

cwd=<directory> (on entering a directory)

<class> is a class name defined earlier, so a message can be sent only to the people you want.

Besides plain text, a message file may use the following predefined codes:

%T (local time)

%F (free space in the current partition)

%C (current directory)

%E (administrator's email)

%R (client host name)

%L (local host name)

%U (user name)

%M (maximum number of users allowed in my class)

%N (number of users currently connected in my class)

%B (absolute disk block limit, current partition)

%b (preferred disk block limit, current partition)

%Q (blocks currently used)

%I (maximum inodes, +1)

%i (preferred inode limit)

%q (inodes currently used)

%H (time limit for excessive disk use)

%h (time limit for excessive file use)

readme -- notifies users when README files have been updated


log commands -- records the commands used by users. Usage:

log commands <user-types>

log transfers -- records the files transferred by users. Usage:

log transfers <user-types> <directions>

Sets which user types' transfers are recorded and in which directions: inbound (uploads) and outbound (downloads). For example:

log transfers anonymous,guest inbound,outbound

log security -- records security events. Usage:

log security <user-types>

Records security-related events for the given user types, such as noretrieve and notar violations.

log syslog -- sends log records to syslog


alias -- sets a directory alias. Usage:

alias <alias-string> <directory>

cdpath -- sets the order in which directories are searched by the cd command

compress, tar -- set whether on-the-fly compression and tar are allowed. Usage:

compress <yes|no> <class> [<class> ...]

tar <yes|no> <class> [<class> ...]

These define which classes may use compression and tar.

shutdown -- notifies users that the site is shutting down

shutdown <message-file>

If the message file exists, new connections are refused and existing connections are cut off at the specified times. The format of the message file is:

<year> <month> <day> <hour> <minute> <deny-countdown> <disconnect-countdown> <text>

daemonaddress -- listens on only one IP address. Usage:

daemonaddress <address>

On a machine with many IP addresses, this option overrides any virtual FTP host settings. If it is not set, the daemon listens on all addresses.


virtual -- sets up virtual FTP sites

wu-ftpd can host several FTP sites on the same machine, distinguished by host name or IP address. To distinguish them by name, DNS must cooperate. virtual has several forms:

virtual <address> <root|banner|logfile> <path>

<address> can be a host name or an IP address. root is the ftp root directory, banner the welcome message and logfile the log file of this virtual site. Examples:

virtual virtual.com.bj root /home/ftp2

virtual virtual.com.bj banner /etc/vftpbanner.2

virtual virtual.com.bj logfile /etc/viftplog.2

virtual <address> <hostname|email> <string>

Sets the host name and administrator email of the virtual site. Examples:

virtual 210.62.146.50 hostname virtual.site.com.bj

virtual virtual.site.com.bj email ftpown@virtual.site.com.bj

virtual <address> allow <user> [<user> ...]

virtual <address> deny <user> [<user> ...]

These two forms determine which users may connect to the virtual site. Examples:

virtual virtual.site.com.bj allow *

virtual virtual.site.com.bj deny badman

virtual <address> private

This virtual site rejects anonymous users.

defaultserver deny <user> [<user> ...]

defaultserver allow <user> [<user> ...]

Once virtual hosts are in use, plain deny and allow lines no longer say which server they apply to, so they become ineffective; defaultserver stands for the original (main) host.

defaultserver private

The main host rejects anonymous users.

passive address -- maps the address reported for passive connections. Usage:

passive address <external-ip> <cidr>

passive ports -- sets the port range used for passive connections. Usage:

passive ports <cidr> <min-port> <max-port>

pasv-allow -- allows PASV data connections. Usage:

pasv-allow <class> [<address> ...]

port-allow -- allows PORT data connections. Usage:

port-allow <class> [<address> ...]

mailserver -- specifies the mail server used for upload notifications

incmail -- specifies the address notified of anonymous uploads

virtual incmail -- specifies the address notified of anonymous uploads to a virtual host

defaultserver incmail -- specifies the address notified of anonymous uploads to the default host

mailfrom -- sets the sender of upload notifications

virtual mailfrom -- sets the sender of upload notifications for a virtual host

defaultserver mailfrom -- sets the sender of upload notifications for the default host

chmod -- sets whether file permissions may be changed

delete -- sets whether files may be deleted

overwrite -- sets whether files may be overwritten

rename -- sets whether files may be renamed

umask -- sets whether users may change their umask

passwd-check -- sets how strictly anonymous FTP passwords are checked. Usage:

passwd-check <none|trivial|rfc822> [<enforce|warn>]

none performs no check, trivial accepts any password containing an @, and rfc822 requires the password to be an RFC 822 address. enforce refuses the login when the check fails; warn only prints a warning.

deny-email -- rejects specific email addresses used as anonymous passwords

path-filter -- determines which file names are acceptable. Usage:

path-filter <user-types> <error-message-file> <allowed-chars> <disallowed-chars> ...

upload -- sets upload permissions. Usage:

upload [absolute|relative] [class=<class>]... [-] <root-dir> <directory> <yes|no> <owner> <group> <mode> [dirs|nodirs] [<d_mode>]

Used to set permissions on the directory being configured:

absolute/relative: use absolute or relative paths

class=<class>: apply the rule to the given class

<root-dir>: the user's root directory, that is, the chroot login directory

<directory>: the directory to be restricted

yes/no: whether new files may be created in this directory

<owner> <group>: the owner and group given to uploaded files

<mode>: the permissions given to uploaded files

dirs/nodirs: whether new directories may be created

<d_mode>: the permissions given to newly created directories; if omitted, mode is used

throughput -- controls download speed. Usage:

throughput <root-dir> <subdir-glob> <file-glob-list> <bytes-per-second> <bytes-per-second-multiplier> <remote-glob-list>

Controls the speed at which given remote addresses may fetch certain files in a subdirectory, for example:

throughput /e/ftp * * oo - *

throughput /e/ftp /sw* * 1024 0.5 *

throughput /e/ftp /sw* README oo - *

throughput /e/ftp /sw* * oo - *.foo.com

"oo" means no limit on bytes/sec, and "-" or "1.0" is a multiplier of 1.0 (the rate is multiplied by this value after each file). The first line leaves files under /e/ftp unlimited. The second limits any file under /sw* to 1024 bytes/sec, halved after each file (1024 bytes/sec * 0.5 = 512 bytes/sec). The third line removes the limit for README files, and the last line opens /sw* to *.foo.com at full speed.
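The four rules above only work as described if later matching lines override earlier ones and the multiplier is applied after each file. The following added example (not part of the original article or of wu-ftpd) evaluates those constructed rules for a requested path and remote host and shows the rate sequence over several downloads in one session.

```python
import fnmatch
import os

# Constructed throughput rules (not from a real server): the four lines explained above.
THROUGHPUT = """
throughput /e/ftp * * oo - *
throughput /e/ftp /sw* * 1024 0.5 *
throughput /e/ftp /sw* README oo - *
throughput /e/ftp /sw* * oo - *.foo.com
"""

def parse_throughput(text):
    # Each rule: (root-dir, subdir-glob, file-globs, bytes/sec, multiplier, remote-globs).
    rules = []
    for w in (line.split() for line in text.splitlines()):
        if len(w) == 7 and w[0] == "throughput":
            rate = float("inf") if w[4] == "oo" else float(w[4])   # 'oo' = unlimited
            mult = 1.0 if w[5] == "-" else float(w[5])             # '-' = 1.0
            rules.append((w[1], w[2], w[3].split(","), rate, mult, w[6].split(",")))
    return rules

def rule_for(rules, path, remote):
    # The last matching rule wins; that is what lets later lines refine earlier ones.
    chosen = None
    for root, subglob, fileglobs, rate, mult, remotes in rules:
        root = root.rstrip("/")
        if not path.startswith(root + "/"):
            continue
        rel_dir = os.path.dirname(path[len(root):])  # directory relative to root-dir, e.g. '/sw'
        name = os.path.basename(path)
        if (fnmatch.fnmatch(rel_dir, subglob)
                and any(fnmatch.fnmatch(name, g) for g in fileglobs)
                and any(fnmatch.fnmatch(remote, g) for g in remotes)):
            chosen = (rate, mult)
    return chosen

def session_rates(rules, paths, remote):
    # Rate for each successive download in one session; the multiplier applies after each file.
    current, rates = {}, []
    for p in paths:
        rule = rule_for(rules, p, remote)
        if rule is None:
            rates.append(float("inf"))
            continue
        rate = current.get(rule, rule[0])
        rates.append(rate)
        current[rule] = rate * rule[1]
    return rates
```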

anonymous-root -- sets the root directory for anonymous users of a class

anonymous-root <root-dir> [<class>]

guest-root -- sets the root directory for guest users

guest-root <root-dir> [<uid-range> ...]

The uid range specifies which guest users the root applies to.

deny-uid, deny-gid -- reject a range of UIDs (GIDs)

allow-uid, allow-gid -- allow a range of UIDs (GIDs)

restricted-uid, restricted-gid -- confine the users to their login directory

unrestricted-uid, unrestricted-gid -- let the users leave their login directory

dns refuse_mismatch -- rejects connections whose forward and reverse DNS lookups do not match

dns refuse_mismatch <message-file> [override]

When a user connects from an address whose reverse lookup does not match its forward lookup, the connection is refused. With override, the mismatch is only reported as an error and the user is still connected. The message file is shown to the user.

dns refuse_no_reverse -- rejects connections from addresses that have no reverse DNS record

dns refuse_no_reverse <message-file> [override]

When the user's IP address has no reverse record, the connection is refused.

dns resolveoptions -- sets DNS resolver options

dns resolveoptions [<options> ...]

Resolver options can be set here.

/etc/ftphosts

The ftphosts file is similar to allow and deny in ftpaccess, but it controls the connections of individual user IDs. It has no class definitions, so the user must be a real user.

allow|deny <user> <address> [<address> ...]

Examples:

allow rose 140.0.0.0/8

deny jack 140.123.0.0:255.255.0.0

rose may come in from 140.*.*.*; jack is denied from 140.123.*.*.

/etc/ftpservers

This file selects the configuration directory used for incoming connections when the machine has several IP addresses or host names. For example:

10.196.145.10 /etc/ftpd/ftpaccess.somedomain/

10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/

some.domain INTERNAL

10.196.145.20 /etc/ftpd/config/faqs.org/

ftp.some.domain /etc/ftpd/config/faqs.org/

/etc/ftpusers

Users listed in this file are prohibited from using FTP.

/etc/ftpgroups

Used with the SITE GROUP command to switch groups during a session. SITE EXEC is prone to security vulnerabilities, so it is generally not opened to users.

/etc/ftpconversions

Configures the commands used for on-the-fly tar, compress, gzip and similar conversions. The defaults are sufficient; if you do not enable on-the-fly compression and packaging, the file can also be emptied.